Configure JSON web token (JWT) API authentication
In this topic, you learn how to set up authentication via a JSON web token (JWT) and how to configure it in your Cockpit. You must perform multiple tasks to enable the connection.
Prerequisites
- You have registered the Neptune DXP - Open Edition in the Microsoft Entra admin center. Find more information about how to register an app in the Microsoft documentation.
- You know the tenant ID from the Microsoft Entra admin center for your Neptune DXP - Open Edition.
Procedure
- In the Cockpit, go to Settings, and select System Settings.
- In the Authentication tab, select Edit.
- Select + Add and select JWT.
  Result: The Authentication window opens.
- In JWT Validation, fill in or select the following fields:
  - Enter a Name for the authentication.
  - Select Active to activate this authentication method.
  - Enter a Description.
  - Enter a Path to retrieve a Neptune DXP - Open Edition session, for example, /user/logon/jwt/(path). You can add any string as a path.
  - You can add an Issuer validation.
  - You can add an Audience validation.
  - In Secret, add a secret key for the validation if no JSON web key set (JWKS) URL is provided.
  - Jwks Url
    - Add the URL that leads to the JWKS. For example:
      https://login.microsoftonline.com/<tenantid>/discovery/v2.0/keys
    - In Proxy for Jwks Url, add a proxy for your JWKS URL. You can add any string.
  - Set a token header field in Override default Jwt Extraction Method - From Authorization Header as Bearer Token.
- In Claims Assignment, select Add to add claims assignments.
- If required, in Auto Assignment, assign roles and groups that you have defined in the Role and Security Group tools in the Cockpit.
- In Custom Script, to modify the roles' assignment manually, optionally enter your own custom code.
  For example, to log user details to view in the system logs when the authentication method is used and to use custom logic to affect the entered variables, enter the following in Custom Script:
    log.info("XXuser", user);
    log.info("XXprofile", profile);
    log.info("Member of:" + profile.memberof);
- Select OK to save your input.
  Result: The Authentication dialog closes.
- In System Settings, select Restart to activate JSON web token authentication.